将 Json 导入 Azure Log Analytics 时遇到问题

问题描述 投票:0回答:1

我正在尝试将一些 Microsoft Flow API 数据提取到 Azure Log Analytics 中。 目标是 Power Automate 将包含流详细信息的 JSON 发送到 Log Analytics。

这是示例 JSON :

{
    "body": [
        {
            "NAME": "XXXXX",
            "ID": "/providers/Microsoft.ProcessSimple/environments/XXXXXXX/flows/XXXXXXX/runs/XXXXX",
            "TYPE": "Microsoft.ProcessSimple/environments/flows/runs",
            "START": "2024-04-23T21:59:59.8317555Z",
            "END": "2024-04-23T22:23:08.8817048Z",
            "STATUS": "Succeeded"
        },
        {
            "NAME": "XXXXX",
            "ID": "/providers/Microsoft.ProcessSimple/environments/XXXXXXX/flows/XXXXXXX/runs/XXXXX",
            "TYPE": "Microsoft.ProcessSimple/environments/flows/runs",
            "START": "2024-04-22T21:59:59.6368987Z",
            "END": "2024-04-22T22:25:59.2561963Z",
            "STATUS": "Succeeded"
        },
        {
            "NAME": "XXXXX",
            "ID": "/providers/Microsoft.ProcessSimple/environments/XXXXXXX/flows/XXXXXXX/runs/XXXXX",
            "TYPE": "Microsoft.ProcessSimple/environments/flows/runs",
            "START": "2024-04-21T22:00:00.4246672Z",
            "END": "2024-04-21T22:24:54.7721214Z",
            "STATUS": "Succeeded"
        },
        {
            "NAME": "XXXXX",
            "ID": "/providers/Microsoft.ProcessSimple/environments/XXXXXXX/flows/XXXXXXX/runs/XXXXXX",
            "TYPE": "Microsoft.ProcessSimple/environments/flows/runs",
            "START": "2024-04-17T09:49:45.8327243Z",
            "END": "2024-04-17T09:50:46.3459275Z",
            "STATUS": "Succeeded"
        }
    ]
}

第一次使用 KQL,我问了很多 GPT 但没有什么实际作用 我最后一次尝试是使用 mv-apply 而不是 mv-expand :

source
| extend parsedJson = parse_json(body)
| mv-apply parsedItem = parsedJson on 
(
    project 
        TimeGenerated = todatetime(parsedItem['START']), // Convert 'START' to DateTime
        Name = tostring(parsedItem['NAME']),
        ID = tostring(parsedItem['ID']),
        Type = tostring(parsedItem['TYPE']),
        StartTime = tostring(parsedItem['START']),
        EndTime = tostring(parsedItem['END']),
        Status = tostring(parsedItem['STATUS'])
)

仍然不走运,给我一些不匹配的错误:

Error occurred while compiling query in query: SyntaxError:0x00000003 at 3:11 : mismatched input 'parsedItem' expecting {<EOF>, ';', '|', '.', '*', '[', '=~', '!~', 'notcontains', 'containscs', 'notcontainscs', '!contains', 'contains_cs', '!contains_cs', 'nothas', 'hascs', 'nothascs', '!has', 'has_cs', '!has_cs', 'startswith', '!startswith', 'startswith_cs', '!startswith_cs', 'endswith', '!endswith', 'endswith_cs', '!endswith_cs', 'matches regex', '/', '%', '+', '-', '<', '>', '<=', '>=', '==', '<>', '!=', 'and', 'between', 'contains', 'has', 'in', '!between', '!in', 'or'}

似乎在“Body”元素内部,每个部分都是一个数字,我相信这就是为什么它让我如此痛苦!

json azure kql azure-log-analytics
1个回答
0
投票

我猜你试图将其写成摄取时间转换。这种情况下的查询语言是有限的,不支持完整的 KQL,因为它必须大规模执行,并且不会延迟数据。具体来说,不支持 mv-apply。请参阅此处支持的 KQL: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-transformations-struct

梅尔

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.